Art Unit: 2162

DETAILED ACTION 
Election/Restrictions 

Restriction to one of the following inventions is required under 35 U.S.C. 121: 

I. Claims 1 - 8, and 15-16, drawn to generating a database or data structure, 
classified in class 707, subclass 102. 

II. Claims 9-14, and 17-23, drawn to privileged access, classified in class 707, 
subclass 9. 

III. Claims 24 - 27, drawn to manipulating data structure, classified in class 707, 
subclass 101. 

IV. Claims 28 - 29, drawn to application of database, classified in class 707, 
subclass 104.1. 

V. Claims 30 - 32, drawn to distributed remote access, classified in class 707, 
subclass 10. 



Inventions I, II, III, IV, and V are related as combination and subcombinations 
disclosed as usable together in a single combination. The subcombinations are distinct 
from each other if they are shown to be separately usable. In the instant case, invention 
I has separate utility such as generating a database or data structure; invention II has 
separate utility such as privileged access; invention III has separate utility such as 
manipulating data structure; invention IV has separate utility such as application of
database; invention V has separate utility such as distributed remote access. Each of
the five inventions does not require the particulars of the remaining inventions. 

On May 16, 2006, a telephone call was made to Keith Sanders to request an oral
election to the above restriction requirement, which resulted in the election with traverse of
Group II being made.

Applicant is reminded that upon the cancellation of claims to a non-elected 
invention, the inventorship must be amended in compliance with 37 CFR 1.48(b) if one 
or more of the currently named inventors is no longer an inventor of at least one claim 
remaining in the application. Any amendment of inventorship must be accompanied by 
a request under 37 CFR 1.48(b) and by the fee required under 37 CFR 1.17(i).

DETAILED ACTION

1. This action is issued in response to applicant's application filed on 10/24/03.

2. Claims 1-32 are pending. 

3. Group II, claims 9 - 14, and 17-23 were elected with traverse. No claims 
cancelled. 

Claim Objections 

4. Claims 9-14, and 17 - 23 are objected to because of the following informalities:
The term "OS" in claims 9, 17 - 20, and 22, is not defined by the claims. 

The term "LSA" in claims 12, 20, and 23, is not defined by the claims. 

The term "SAM" in claims 12, 20, and 23, is not defined by the claims. 

The term "AD" in claims 12, 20, and 23, is not defined by the claims. 

The term "KDC" in claims 12, 20, and 23, is not defined by the claims. 

Examiner is unclear as to what an "OS", "LSA", "SAM", "AD", or "KDC" is. Examiner is
unable to determine what the invention entails because the terms are not clearly defined
in the claims. Examiner asserts that all claims should be checked for clarification.

Appropriate correction is required. 



Claim Rejections - 35 USC § 112 
5. The following is a quotation of the first paragraph of 35 U.S.C. 112:

The specification shall contain a written description of the invention, and of the manner and process of
making and using it, in such full, clear, concise, and exact terms as to enable any person skilled in the
art to which it pertains, or with which it is most nearly connected, to make and use the same and shall
set forth the best mode contemplated by the inventor of carrying out his invention.

6. Claims 11 and 19 are rejected under 35 U.S.C. 112, first paragraph, as failing to
comply with the written description requirement. The claim(s) contains subject matter 
which was not described in the specification in such a way as to reasonably convey to 
one skilled in the relevant art that the inventor(s), at the time the application was filed, 
had possession of the claimed invention. 

Claims 11 and 19 recite the limitation "the user is not logged on" in line 1. This is
a negative limitation, which does not have basis in the original disclosure. This limitation 
renders the claims indefinite. 

Examiner asserts that all claims should be checked for clarification. 
Appropriate action is required. 



Claim Rejections - 35 USC § 102 

7. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(e) the invention was described in (1) an application for patent, published under section 122(b), by 
another filed in the United States before the invention by the applicant for patent or (2) a patent 
granted on an application for patent by another filed in the United States before the invention by the 
applicant for patent, except that an international application filed under the treaty defined in section 
351(a) shall have the effects for purposes of this subsection of an application filed in the United States 
only if the international application designated the United States and was published under Article 21(2) 
of such treaty in the English language.

8. Claims 9 - 11, 13 - 14, 17 - 19, and 22 are rejected under 35 U.S.C. 102(e) as
being anticipated by Botz et al. (Botz hereinafter) (US Patent App. Pub. No. 
2003/0177388 A1, filed: March 15, 2002). 

Regarding Claim 9, Botz discloses a method comprising: 

receiving a credential from a user at an input device in communication with a
local machine having an OS (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5
and 10-11, Botz¹);

translating the credential with one of different coexisting credential provider
modules for translating respectively different types of credentials into a common
credential protocol (Page 1, [0007], lines 13-17, Botz²); and

using a component of the OS to authenticate the translated credential having the
common credential protocol against a credential database (Page 1, [0008], lines 6-9,
Botz³); and

logging the user on with the OS to access the local machine when the
authentication is successful (Page 3, [0034], lines 7-13, Botz⁴).

Regarding Claim 10, Botz discloses a method, wherein the logging of the user on
further comprises logging the user on to the local machine after a plurality of said
credentials have been received, translated by a respective said different coexisting
credential provider module, and authenticated successfully (Page 7, [0094], lines 6 -
10, Botz⁵).

¹ Wherein the step of forwarding implies the step of receiving the credential claimed. And wherein the
user ID and password corresponds to the credential claimed.

² Wherein the authenticated user identity corresponds to the credential (being translated) claimed; the
initial authentication unit corresponds to one of different coexisting credential provider modules claimed;
and the local user identity corresponds to the common credential protocol claimed.

³ Wherein the step to subsequent authenticate corresponds to the step to authenticate claimed.

Regarding Claim 11, Botz discloses a method, wherein the user is not logged on
to the local machine at the time when the translated credentials are authenticated (Page
7, [0094], lines 6 -10, Botz).

Regarding Claim 13, Botz discloses a method, wherein each said credential 
provider module is interoperable, through a credential provider API, to the component of 
the OS (Fig. 4, item 402, Page 5, [0071], lines 1-4, the interfaces services, Botz). 

Regarding Claim 14, Botz discloses a computer-readable medium comprising 
instructions that, when executed by a computer (Page 2, [0030], lines 1-4, Botz). 

Regarding Claim 17, Botz discloses a method comprising: 

receiving a credential from a user at an input device in communication with a
local machine having an OS (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5
and 10-11; respectively, Botz⁶);

⁴ Wherein the step of sign-on corresponds to the step of logging the user claimed.

⁵ Wherein the step of using the policy information, including trust policy and initial authentication, to
signing the user on (Page 7, [0094], lines 1 - 6, Botz) corresponds to the step of logging the user
claimed. In addition, Botz discloses the use of a plurality of credentials as claimed (Page 7, [0101], lines 3
- 14, Botz).

translating the credential with a credential provider module that corresponds to
the input device (Page 1 and 3, [0007] and [0046], lines 13 - 17 and 1 - 10;
respectively, Botz⁷), wherein:

the credential provider module is one of a plurality of coexisting different 
said credential provider modules (Page 3, [0042], lines 1 - 5, a particular server 
within a defined trust set of servers, Botz); and 

each said credential provider module can perform a translation of a 
respectively different type of said credential received at a different said input 
device in communication with the local machine (Page 1 and 4, [0007] and 
[0050], lines 13-17 and 1 - 6; respectively, Botz); and 

each said translation of each said credential is in a common credential
protocol (Page 1, [0007], lines 13-17, Botz⁸);

communicating the translated credential having the common credential protocol
through a credential provider interface to a logon UI routine of the OS (Page 7, [0090],
lines 1 - 5, Botz⁹);

passing the translated credential having the common credential protocol to a
logon routine of the OS from the logon UI routine (page 7, [0091], lines 1 -4, Botz);



⁶ Wherein the step of forwarding implies the step of receiving the credential claimed. And wherein the
user ID and password corresponds to the credential claimed.

⁷ Wherein the step of identifying to a particular server (Page 3, [0046], lines 4-8, Botz) corresponds to
the step of translating to the corresponding input device claimed.

⁸ Wherein the local user identity corresponds to the common credential protocol claimed.

⁹ Wherein the identity translation token (ITT) and/or the identity translation token reference (ITTR)
correspond to the translated credential claimed. And wherein the server's interface services correspond
to the credential provided interface claimed. Botz specifically discloses the logon UI routine in Page 7,
[0092], and lines 1 - 8.

authenticating the translated credential against a credential database with the
logon routine of the OS (Page 1 and 7, [0008] and [0092], lines 6 - 9 and 1 - 5;
respectively, Botz¹⁰); and

logging the user on to access the local machine with the OS when the
authentication is successful (Page 3 and 7, [0034] and [0094], lines 7 - 13 and 6 - 10;
respectively, Botz¹¹).

Regarding Claim 18, Botz discloses a method, wherein the logging the user on to
access the local machine with the OS further comprises deferring the logging on of the
user to access the local machine until the receiving, the translating, the
communicating, the passing, and the authenticating successfully have been repeated
for each of a plurality of said credentials (Page 7, [0094], lines 6-10, Botz¹²).

Regarding Claim 19, Botz discloses a method, wherein the user is not logged on 
to access the local machine when the translated credentials are authenticated against 
the credential database with the logon routine of the OS (Page 7, [0094], lines 6-10, 
Botz). 



¹⁰ Wherein the step of performing subsequent authentication corresponds to the step of authenticating
claimed.

¹¹ Wherein the step of sign-on corresponds to the step of logging the user claimed.

¹² Wherein the step of using the policy information, including trust policy and initial authentication, to
signing the user on (Page 7, [0094], lines 1-6, Botz) corresponds to the step of logging the user
claimed. In addition, Botz discloses the use of a plurality of credentials as claimed (Page 7, [0101], lines 3
- 14, Botz). By signing the user on after the information is authenticated, the system is deferring the
signing on or logging on.

Regarding Claim 21, Botz discloses a computer-readable medium comprising
instructions that, when executed by a computer, perform the method of claim 17 (Page
2, [0030], lines 1-4, Botz).

Regarding Claim 22, Botz discloses a computer-readable medium comprising a 
credential provider module including instructions that, when executed by a local 
machine having an OS, receive and translate a credential into a credential protocol so 
as to be compatible for authentication by an authentication component of the OS 
against a credential database for logging a user identified by the credential on with the 
OS to access the local machine when the authentication is successful, wherein: 

the translated credential can be received via an interface to the authentication
component of the OS (Page 1 and 2, [0007] and [0033], lines 11 - 13, and 3 - 5 and 10
-11; respectively, Botz¹³);

the interface to the authentication component of the OS is compatible for
receiving each of a plurality of said credentials from a corresponding plurality of different
coexisting credential provider modules (Page 1 and 4, [0007] and [0050], lines 13-17
and 1-6, multiple security user registries of multiple computer platforms; respectively,
Botz); and

each said different coexisting credential provider module can:

¹³ Wherein the step of forwarding implies the step of receiving the credential claimed. And wherein the
user ID and password corresponds to the credential claimed.

receive a respective different type of said credential from a respective
input device (Fig. 10, items 1104, 1108, 1110, and 1112, Page 9, [0123], lines 8-
11, Botz¹⁴); and

translate each said different type of said credential into the credential 
protocol so as to be compatible for authentication by the authentication 
component of the OS against the credential database (Page 3, [0039], lines 1 - 
6, an infrastructure to support run-time cooperation between disparate security 
registry user, Botz). 



Claim Rejections - 35 USC § 103 

9. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

10. This application currently names joint inventors. In considering patentability of
the claims under 35 U.S.C. 103(a), the examiner presumes that the subject matter of
the various claims was commonly owned at the time any inventions covered therein
were made absent any evidence to the contrary. Applicant is advised of the obligation
under 37 CFR 1.56 to point out the inventor and invention dates of each claim that was
not commonly owned at the time a later invention was made in order for the examiner to
consider the applicability of 35 U.S.C. 103(c) and potential 35 U.S.C. 102(e), (f) or (g)
prior art under 35 U.S.C. 103(a).

¹⁴ Wherein examiner interprets the step where a first user signs on using Public Key infrastructure (PKI),
and a second user signs on using Kerberos (Page 9, [0123], lines 8-11, Botz) as the step of receiving
different type of credential from respective input device as claimed.

11. Claims 12, 20, and 23 are rejected under 35 U.S.C. 103(a) as being
unpatentable over Botz et al. (Botz hereinafter) (US Patent App. Pub. No.
2003/0177388 A1, filed: March 15, 2002) in view of Axel et al. (Axel hereinafter) (US
Patent App. Pub. No. 2004/0139355 A1, filed: November 7, 2002).

Regarding Claim 12, Botz discloses all the limitations as disclosed above 
including a method, wherein the use of the component of the OS to authenticate the 
translated credential having the common credential protocol against the credential 
database further comprises: 

communicating the translated credential to an LSA (Page 7, [0090], lines 1-5,
Botz¹⁵); and

determining the authentication with the LSA against the credential database
(Page 7, [0090], lines 6-9, Botz¹⁶) that is selected from the group consisting of:



¹⁵ Wherein examiner interprets the AIT domain controller as the LSA claimed; and the identity translation
token (ITT) and/or the identity translation token reference (ITTR) as the translated credential claimed.

¹⁶ Wherein the step of validating the translated token using a copy of the signing value retained at the AIT
domain controller corresponds to the step of determining the authentication against the credential
database as claimed. In addition, Botz further discloses that this controller utilizes databases to store the
information (Page 6, [0086], lines 3-7, Botz).

a local database other than the SAM database (Page 5, [0069], lines 3 -
5, local user registry, Botz);

a remote credential database (Page 5, [0067], lines 12 - 14, LDAP-
accessible storage, Botz¹⁷);

a token protocol credential service (Page 9, [0133], lines 2-6, HyperText 
Transfer Protocol (HTTP), Botz); 

a challenge and response protocol service (Page 9, [0133], lines 1-6,
HyperText Transfer Protocol (HTTP), Botz¹⁸);

In addition, Botz further discloses KDC (Fig. 10, item 1102, Kerberos, Botz).
However, Botz is silent with respect to a SAM database; and an AD at a domain remote
from the local machine. On the other hand, Axel discloses a system including a SAM
database (Page 2, [0018], lines 3-5, Axel); an AD (Page 2, [0017], lines 4-5, Axel)
and KDC at a domain remote from the local machine (Page 2, [0017], lines 1 - 3, Axel);
and an LSA (Page 2, [0021], lines 1-2, Axel). It would have been obvious to one of
ordinary skill in the art at the time the invention was made to incorporate Axel's
teachings into the system of Botz. A skilled artisan would have been motivated to do so, as
suggested by Axel (Page 1, [0002], lines 1-4, Axel), to provide access to various
password-enabled computer network elements through the use of a single password
enabled network element. In addition, both of the references (Botz and Axel) teach
features that are directed to analogous art and they are directed to the same field of
endeavor of databases management systems, such as, authentication, and login users.
This close relation between both of the references highly suggests an expectation of
success.

¹⁷ Wherein the LDAP-accessible storage corresponds to the remote credential database claimed. The
reason is because this storage is retrieved upon a server session, which would imply a remote session.

¹⁸ Wherein the feature of extracting corresponds to the challenge claimed; and the feature of passing
corresponds to the response claimed.

Regarding Claim 20, the combination of Botz in view of Axel ("Botz/Axel" 
hereinafter) discloses a method, wherein the authenticating of the translated credential 
against the credential database with the logon routine of the OS further comprises: 

communicating the translated credential to an LSA from the logon routine of the
OS (Page 7, [0090], lines 1 - 5, Botz¹⁹; and Page 2, [0021], lines 1 - 2, LSA, Axel); and

determining the authentication with the LSA against the credential database
(Page 7, [0090], lines 6-9, Botz²⁰; and Page 2, [0021], lines 1 - 2, LSA, Axel) that is
selected from the group consisting of:

a SAM database (Page 2, [0018], lines 3-5, Axel);

a local database other than the SAM database (Page 5, [0069], lines 3 -
5, local user registry, Botz);

a remote credential database (Page 5, [0067], lines 12-14, LDAP-
accessible storage, Botz²¹);



¹⁹ Wherein examiner interprets the AIT domain controller as the LSA claimed; and the identity translation
token (ITT) and/or the identity translation token reference (ITTR) as the translated credential claimed.

²⁰ Wherein the step of validating the translated token using a copy of the signing value retained at the AIT
domain controller corresponds to the step of determining the authentication against the credential
database as claimed. In addition, Botz further discloses that this controller utilizes databases to store the
information (Page 6, [0086], lines 3-7, Botz).

²¹ Wherein the LDAP-accessible storage corresponds to the remote credential database claimed. The
reason is because this storage is retrieved upon a server session, which implies a remote session.

a token protocol credential service (Page 9, [0133], lines 2-6, HyperText
Transfer Protocol (HTTP), Botz);

a challenge and response protocol service (Page 9, [0133], lines 1-6,
HyperText Transfer Protocol (HTTP), Botz²²); and

an AD (Page 2, [0017], lines 4-5, Axel) and KDC at a domain remote
from the local machine (Page 2, [0017], lines 1 - 3, Axel; and Fig. 10, item 1102,
Kerberos, Botz).

Regarding Claim 23, Botz/Axel discloses a computer-readable medium, wherein 
the authentication component of the OS comprises: 

a logon UI module (Page 6, [0076], lines 1 - 5, Botz);

an OS logon module for receiving Remote Procedure Call (RPC) calls from the
log UI module (Page 6, [0083], lines 1-5, remote sign-on, Botz); and

an LSA for determining the authentication, and in communication with, the
credential database (Page 7, [0090], lines 6-9, Botz²³) that is selected from the group
consisting of: 

a SAM database (Page 2, [0018], lines 3-5, Axel); 
a local database other than the SAM database (Page 5, [0069], lines 3 - 
5, local user registry, Botz); 

²² Wherein the feature of extracting corresponds to the challenge claimed; and the feature of passing
corresponds to the response claimed.

²³ Wherein the step of validating the translated token using a copy of the signing value retained at the AIT
domain controller corresponds to the step of determining the authentication against the credential
database as claimed. In addition, Botz further discloses that this controller utilizes databases to store the
information (Page 6, [0086], lines 3-7, Botz).

a remote credential database (Page 5, [0067], lines 12 - 14, LDAP-
accessible storage, Botz²⁴);

a token protocol credential service (Page 9, [0133], lines 2-6, HyperText
Transfer Protocol (HTTP), Botz);

a challenge and response protocol service (Page 9, [0133], lines 1-6,
HyperText Transfer Protocol (HTTP), Botz²⁵); and

an AD (Page 2, [0017], lines 4-5, Axel) and KDC at a domain remote
from the local machine (Page 2, [0017], lines 1 - 3, Axel; and Fig. 10, item 1102,
Kerberos, Botz).



²⁴ Wherein the LDAP-accessible storage corresponds to the remote credential database claimed. The
reason is because this storage is retrieved upon a server session, which implies a remote session.

²⁵ Wherein the feature of extracting corresponds to the challenge claimed; and the feature of passing
corresponds to the response claimed.

Prior Art Made Of Record

1. Botz et al. (US Patent App. Pub. No. 2003/0177388 A1, filed: March 15, 2002)
discloses authenticated identity translation within a multiple computing unit environment. 

2. Axel et al. (US Patent App. Pub. No. 2004/0139355 A1, filed: November 7,
2002) discloses a method and system of accessing a plurality of network elements. 

3. Hartman et al. (US Patent No. 6,807,636 B2) discloses methods and apparatus 
for facilitating security in a network.

Points of Contact

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Giovanna Colan whose telephone number is (571) 272- 
2752. The examiner can normally be reached on 8:30 am - 5:00 pm. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, John Breene can be reached on (571) 272-4107. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

Giovanna Colan 
Examiner 
Art Unit 2162 
June 8, 2006 

JOHN BREENE 

SUPERVISORY PATENT EXAMINER 
TECHNOLOGY CENTER 2100 





